Activity
From 10 July 2025 to 08 August 2025
Today
- 11:56 AM Bug #22301: [External Audit Findings][iOS] No Jailbreak Detection
- Need to add the appcamo framework into the source code in next release.
Integrated AppCamo and conducted testing o... - 11:45 AM Bug #22301 (Pending PROD): [External Audit Findings][iOS] No Jailbreak Detection
- 11:51 AM Bug #22299 (Closed): [External Audit Findings][Android] Weak Root Detection
- According to OCBC product owner, their shielding vendor can detect rooted devices, so no action is needed from the SL...
- 11:48 AM Bug #22302 (Pending PROD): [External Audit Findings][iOS] Certificate files hardcoded inside the app
- 11:47 AM Bug #22274 (Pending PROD): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...
- 11:47 AM Bug #22275 (Pending PROD): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...
- 11:46 AM Bug #22276 (Pending PROD): [PROD][iOS][Side Menu][My Accounts] "Financial Information & Tax Reali...
- 11:46 AM Bug #22283 (Pending PROD): [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
- 11:45 AM Bug #22286 (Pending PROD): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
- 11:45 AM Bug #22300 (Pending PROD): [External Audit Findings][Android] Certificate files hardcoded inside ...
- 11:45 AM Bug #22303 (Pending PROD): [External Audit Findings][iOS] Weak SSL Pinning
- 11:36 AM Bug #22304 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] User Enumeration through...
- 11:35 AM Bug #22305 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] Insecure Direct Object R...
- 11:35 AM Bug #22306 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] Bypass OTP in Biometric ...
- 11:35 AM Bug #22317 (Pending PROD): [PROD][Android] Show "Something went wrong with OCBC Business" at Goog...
- Due to the lack of specific phone model and device OS information, unable to simulate the issue and test the fix on o...
- 10:35 AM Bug #22317 (Assigned): [PROD][Android] Show "Something went wrong with OCBC Business" at Google P...
- 238,025
Updated encrypted method due to certain devices unable to get firebase token
238,064
31/7/2025 change ba... - 10:32 AM Bug #22325 (Pending PROD): [PROD][Android] Show Permission Required Pop Up when Share Receipt
- tested ok in UAT
- 10:31 AM Bug #22325 (Pending UAT ): [PROD][Android] Show Permission Required Pop Up when Share Receipt
- 10:27 AM Bug #22325 (Assigned): [PROD][Android] Show Permission Required Pop Up when Share Receipt
- 10:27 AM Bug #22325 (Resolved): [PROD][Android] Show Permission Required Pop Up when Share Receipt
- 238,103
update for android 15 screenshot error
238,117
8/8/2025 Bug #22325 [PROD][Android] Show Permission Requi...
07 August 2025
- 02:38 PM Bug #22325 (Pending PROD): [PROD][Android] Show Permission Required Pop Up when Share Receipt
- Steps to reproduce:
1. Perform Own Account Transfer
2. After successfully perform transaction, tap on "SHARE" butto...
06 August 2025
- 11:12 AM Bug #22283 (Pending UAT ): [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
- 11:11 AM Bug #22276 (Pending UAT ): [PROD][iOS][Side Menu][My Accounts] "Financial Information & Tax Reali...
- 11:08 AM Bug #22301 (Pending UAT ): [External Audit Findings][iOS] No Jailbreak Detection
- 11:07 AM Bug #22300 (Pending UAT ): [External Audit Findings][Android] Certificate files hardcoded inside ...
- 11:06 AM Bug #22302 (Pending UAT ): [External Audit Findings][iOS] Certificate files hardcoded inside the app
- 11:06 AM Bug #22303 (Pending UAT ): [External Audit Findings][iOS] Weak SSL Pinning
- 11:05 AM Bug #22304 (Pending UAT ): [External Audit Findings][MLEB, iOS, Android] User Enumeration through...
- 10:58 AM Bug #22305 (Pending UAT ): [External Audit Findings][MLEB, iOS, Android] Insecure Direct Object R...
- 10:39 AM Bug #22306 (Pending UAT ): [External Audit Findings][MLEB, iOS, Android] Bypass OTP in Biometric ...
- Released to UAT
- 08:50 AM Bug #22274 (Pending UAT ): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...
05 August 2025
- 04:43 PM Bug #22300: [External Audit Findings][Android] Certificate files hardcoded inside the app
- 238,098
5/8/2025 Bug #22300 [External Audit Findings][Android] Certificate files hardcoded inside the app
Remove ... - 04:31 PM Bug #22274 (Assigned): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer...
- 04:30 PM Bug #22274 (Resolved): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer...
- 238,097
5/8/2025 Bug #22274 [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer][Online Trans... - 04:10 PM Bug #22274 (Assigned): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer...
- Please help to change for EN and ID too. Should show "Online Transfer".
04 August 2025
- 02:29 PM Bug #22306 (Resolved): [External Audit Findings][MLEB, iOS, Android] Bypass OTP in Biometric Acti...
- RC: Modification of response parameters in the API allows an attacker to alter values such as item prices, item quant...
- 02:27 PM Bug #22305 (Resolved): [External Audit Findings][MLEB, iOS, Android] Insecure Direct Object Refer...
- RC: The IDOR vulnerability occurs when an app exposes internal object references without access control. This allows ...
- 12:12 PM Bug #22283: [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
- 238,095
4/8/2025 [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
update google-service.json for ua...
01 August 2025
- 10:10 PM Bug #22306: [External Audit Findings][MLEB, iOS, Android] Bypass OTP in Biometric Activation
- 238,077
1/8/2025 [External Audit Findings][MLEB] Bypass OTP in Biometric Activation
Issue:
Modification of respons... - 04:15 PM Bug #22300 (Resolved): [External Audit Findings][Android] Certificate files hardcoded inside the app
- merged into trunk
- 03:09 PM Bug #22300: [External Audit Findings][Android] Certificate files hardcoded inside the app
- 238,072
1–8-2025 Bug #22300 [External Audit Findings][Android] Certificate files hardcoded inside the app
Issue:
S... - 11:33 AM Bug #22305: [External Audit Findings][MLEB, iOS, Android] Insecure Direct Object Reference Vulner...
- 238,070
1/8/2025 [External Audit Findings][MLEB] Insecure Direct Object Reference Vulnerability (IDOR)
Issue:
Th...
31 July 2025
- 02:40 PM Bug #22317 (Pending PROD): [PROD][Android] Show "Something went wrong with OCBC Business" at Goog...
- Please refer to attached image for details.
Please provide root cause and solution. - 10:52 AM Bug #22304: [External Audit Findings][MLEB, iOS, Android] User Enumeration through Error Messages
- 238,053
31/7/2025 [External Audit Findings][MLEB] User Enumeration through Error Messages
Issue:
Error messages in... - 09:58 AM Bug #22304 (Resolved): [External Audit Findings][MLEB, iOS, Android] User Enumeration through Err...
- RC: Error messages provides valid and invalid username information.
Solution: Modify error message to generic mess...
30 July 2025
- 04:43 PM Bug #22300: [External Audit Findings][Android] Certificate files hardcoded inside the app
- 238,044
30/7/2025 Bug #22300 [External Audit Findings][Android] Certificate files hardcoded inside the app
Issue:... - 10:35 AM Bug #22165 (Closed): [PROD][Android] Added "uat" Word in Android Name and Causing Crash When App ...
- released to production on 3rd July 2025
- 10:30 AM Bug #22165 (Resolved): [PROD][Android] Added "uat" Word in Android Name and Causing Crash When Ap...
- Verified
29 July 2025
- 10:24 AM Bug #22301 (Assigned): [External Audit Findings][iOS] No Jailbreak Detection
- Added more rigid jailbreak detection.
- 10:05 AM Bug #22301 (Pending PROD): [External Audit Findings][iOS] No Jailbreak Detection
- Issue:
Jailbreaking is the process of gaining administrative or privileged access to the iOS OS. Without jailbreak d... - 10:22 AM Bug #22302 (Assigned): [External Audit Findings][iOS] Certificate files hardcoded inside the app
- The certificate is now encrypted and obfuscated before being included in app.
- 10:07 AM Bug #22302 (Pending PROD): [External Audit Findings][iOS] Certificate files hardcoded inside the app
- Issue:
Same as Android – developers embed a list of trusted certificates inside the app and use it to validate serve... - 10:20 AM Bug #22303 (Assigned): [External Audit Findings][iOS] Weak SSL Pinning
- Added SSL Pinning, which compare server hashed public key compared to app's hashed public key.
- 10:09 AM Bug #22303 (Pending PROD): [External Audit Findings][iOS] Weak SSL Pinning
- Issue:
During testing on iOS apps, the tester found that the app does not implement SSL Pinning. Without SSL Pinning... - 10:12 AM Bug #22306 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] Bypass OTP in Biometric ...
- Issue:
Modification of response parameters in the API allows an attacker to alter values such as item prices, item q... - 10:11 AM Bug #22305 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] Insecure Direct Object R...
- Issue:
The IDOR vulnerability occurs when an app exposes internal object references without access control. This all... - 10:10 AM Bug #22304 (Pending PROD): [External Audit Findings][MLEB, iOS, Android] User Enumeration through...
- Issue:
Error messages in an application can provide valid and invalid username information.
This information can po... - 10:04 AM Bug #22300 (Pending PROD): [External Audit Findings][Android] Certificate files hardcoded inside ...
- Issue:
SSL Pinning is a security mechanism used to prevent man-in-the-middle attacks by validating the certificate ... - 10:02 AM Bug #22299 (Closed): [External Audit Findings][Android] Weak Root Detection
- Issue:
Rooting is the process of gaining administrative or privileged access to the Android OS. Without root detecti... - 09:55 AM Bug #22286 (Pending UAT ): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
- Tested OK in SIT
- 09:54 AM Bug #22275 (Pending UAT ): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...
- 09:53 AM Bug #22275: [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer][Online Tr...
- Tested ok in SIT
- 09:52 AM Bug #22274 (Pending UAT ): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...
- Show "Online Transfer"
28 July 2025
- 04:31 PM Bug #22282 (Monitoring): [PROD][BE][Fund Transfer][Transaction Summary] Duplicate Records Show on...
- Unable to reproduce it in UAT. Based on log review, only one record was passed from MLEB to BE.
- 04:28 PM Change Request #22160 (Closed): [CR][Android] Chinese Translation
- Released to production on 3rd July 2025
- 04:28 PM Change Request #22161 (Closed): [CR][iOS] Chinese Translation
- Released to production on 3rd July 2025
- 04:27 PM Bug #22280 (Closed): [PROD][BE] Hit MCB999 Error and Required Reactivate Biometric & SW Token
- Released to production on 14th July 2025
- 04:26 PM Bug #22241 (Closed): [UAT][BE][Unbind Device] Hit Error When Unbind Device
- Released to production on 14th July 2025
- 04:25 PM Bug #22240 (Closed): [UAT][Android][ATM & Branch] Show Error When Tap on ATM & Branch Menu
- same as redmine #22286
25 July 2025
- 03:31 PM Bug #22101 (Closed): [PROD][Android][Telegraphic Transfer] Transfer Frequency Dropdown Fields is ...
- 12:05 PM Bug #22101: [PROD][Android][Telegraphic Transfer] Transfer Frequency Dropdown Fields is Empty
- BAU only set to system default.
solution
during calling getsTransactionFundTransferStep1 grap value and store it ... - 03:31 PM Bug #22106 (Closed): [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms...
- 02:56 PM Bug #22106: [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms & Condit...
- Root Cause:
The application crash occurred during the Telegraphic Transfer (TT) flow in the Business-As-Usual (BAU... - 02:49 PM Bug #22106: [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms & Condit...
- the root cause provided is unclear, and the solution is missing.
- 12:15 PM Bug #22106: [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms & Condit...
- Refer 22101 as due to changing calling getsTransactionFundTransferStep1 FE require to call additional transactionBene...
24 July 2025
- 05:11 PM Bug #22064 (Closed): [PROD][Android] Show Popup "This app needs retrieve IMEI" When Open App
- 04:42 PM Bug #22064 (Assigned): [PROD][Android] Show Popup "This app needs retrieve IMEI" When Open App
- please provide root cause and solution.
- 04:42 PM Bug #22101 (Assigned): [PROD][Android][Telegraphic Transfer] Transfer Frequency Dropdown Fields i...
- please provide root cause and solution
- 04:40 PM Bug #22106 (Assigned): [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Ter...
- please help to provide root cause and solution
- 11:22 AM Bug #22286 (Assigned): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
- 11:18 AM Bug #22286 (Resolved): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
- 237999
24-7-2025 Bug #22286 [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
Actual Result:
Show err...
23 July 2025
- 04:21 PM Bug #22283 (Assigned): [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
- 04:20 PM Bug #22283 (Resolved): [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
- 237981
22/7/2025 update google-service.json for uat and prod for crashlytic fixes
root cause: google-service.js...
18 July 2025
- 04:52 PM Bug #22246 (Feedback): [UAT][BE][Biometric Login]Hit Error When Enable Biometric Login
- BE: From logs on 03/07/2025, seems to be omni side error(omni.O0081 Undefined error), pls check with omni side whethe...
- 04:26 PM Bug #22282 (Feedback): [PROD][BE][Fund Transfer][Transaction Summary] Duplicate Records Show on T...
- BE: Upon inspecting production logs, only found one such result from omni, and only one such result is passed back to FE
- 04:19 PM Bug #22286 (Pending PROD): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
- +Pre-Login+
Steps to Reproduce:
1. Pre-Login screen, tap on "ATM & Branch".
Post Login
Steps to Reproduce:
1. ... - 11:00 AM Bug #22283 (Pending PROD): [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
- Update the app_id to match the one used in Firebase.
17 July 2025
- 03:03 PM Bug #22280 (Resolved): [PROD][BE] Hit MCB999 Error and Required Reactivate Biometric & SW Token
- Issue: Incorrect Sequence Key Constraints
Fix: Fix code ensures that ID numbers now follow the correct sequence - 02:57 PM Bug #22241 (Resolved): [UAT][BE][Unbind Device] Hit Error When Unbind Device
- Issue: Incorrect Sequence Key Constraints
Fix: Fix code ensures that ID numbers now follow the correct sequence
16 July 2025
- 02:58 PM Bug #22282 (Monitoring): [PROD][BE][Fund Transfer][Transaction Summary] Duplicate Records Show on...
- Unable to reproduce in UAT
!UAT.jpeg!
Transaction Type: Internal Fund Transfer
Date and Time: July 2 around 06.4... - 11:35 AM Bug #22280 (Closed): [PROD][BE] Hit MCB999 Error and Required Reactivate Biometric & SW Token
- 1. When accept T&C for the first time login, get error MCB999:
1st Customer
• Org ID: PACIFICPI
• User ID : ABD... - 11:31 AM Change Request #22174 (Closed): [CR][BE] Obsolete Linux OCBC Business (Velocity) Mobile
- deployed to production on 15 July 2025
- 11:29 AM Bug #22158 (Closed): [PROD][iOS] Different App Version show in AppStore and App
- 11:17 AM Bug #22145: [Android][Login] Show Error.mcb.9999999 When Login to App
- OCBC side will ask user to try again
- 10:58 AM Bug #22166: [PROD][Android] Bind Device First, Then Only Show OTP Screen
- Requested video from OCBC side
- 10:53 AM Bug #22188 (Pending Information): [PROD][Android] Failed to Launch App After Updated to Latest Ve...
- 10:35 AM Bug #22030 (Closed): [PROD][Android] Often Auto Logout Even Device is Binded
- same issue as parent task
15 July 2025
- 03:12 PM Bug #22276 (Resolved): [PROD][iOS][Side Menu][My Accounts] "Financial Information & Tax Realizati...
- r237940 | yeowyc | 2025-07-15 07:11:14 +0000 | 4 lines
Changed paths:
M /Project/OCBC_NISP/Mobile_FrontEnd/iOS/O... - 11:35 AM Bug #22276 (Pending PROD): [PROD][iOS][Side Menu][My Accounts] "Financial Information & Tax Reali...
- Steps to reproduce:
1. Open side menu
2. Select "My Accounts"
Actual Result:
"Financial Information & Tax Reali... - 11:29 AM Bug #22275 (Resolved): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer...
- Fixed due to FE did not pass transfer type to BE
- 10:31 AM Bug #22275 (Pending PROD): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...
- Steps to reproduce:
1. Select “Transactions” in side menu.
2. Select “Fund Transfer”.
3. Select "Manage Saved Bene... - 10:49 AM Bug #22274 (Resolved): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer...
- fixed at trunk version
- 10:24 AM Bug #22274 (Pending PROD): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...
- Steps to reproduce:
1. Select “Transactions” in side menu.
2. Select “Fund Transfer”.
3. Select "Manage Saved Bene... - 10:34 AM Change Request #22173 (Closed): [CR][Android] Update Splash Screen Information
- 10:34 AM Change Request #22172 (Closed): [CR][iOS] Update Splash Screen Information
- 10:33 AM Bug #22170 (Closed): [PROD][Android] App Request for Biometric Registration Even Customer Already...
- 10:33 AM Bug #22159 (Closed): [PROD][Android] App Show Error "Permission Required" When Launch App Even Al...
14 July 2025
- 11:32 AM Bug #22273 (New): [UAT][iOS][Transaction][Authorization] Time Deposit Account Opening Transaction...
- Steps to reproduce:
1. Select “Transaction” in side menu.
2. Select "Authorization".
3. Authorization screen, sele...
Also available in: Atom